SecurityXploded Mentorship Programme 2013-14: My experience

I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools as well.

In my selection interview with Amit Malik, I was asked lots of questions related to basic malware analysis, exploits, security tools, Windows API and some questions related to my previous work also. It was then I realised that even though I have qualified the interview, some of my concepts were still unclear and this programme can in fact help build a good base for me.

In the programme curriculum, initially I was given assignments related to assembly language, python scripting, WinAPI programming and PE files. Solving the assignments was really helpful as my concepts got clear and I felt confident. The solutions need to be sent at the end of each week; hence we get enough time to complete the work considering the fact that we also have to manage our college studies simultaneously. My mentors also encouraged me to write blogs on SecurityXploded community website as it’s always a good habit to document whatever new things we come across in our research. My blogs can be accessed here.

The final task of the programme was to analyze a few malware samples. It’s the real challenging task because we have to apply all the things we have learnt previously to reverse engineer the malwares. My submitted reports can be accessed here. Apart from malware analysis, one can also develop a new security tool or write a research paper related to infosec; but I didn’t go for it because I was already writing a research paper on Android malwares for my college.

Throughout the programme, the mentors are always there to review our work, give suggestions and encourage us to work harder. We can ask them doubts by calling them in their free time or shooting a mail any time of the day! So after the mentorship programme got finished in January, I had developed enough experience and practical exposure in areas like malware analysis, reverse engineering, python scripting, exploit research etc. This experience was also very beneficial for me during my campus recruitment in Zscaler as a security researcher.

In the end, I would like to appreciate the SecurityXploded community for indulging in educating newbies and providing quality training to students at free of cost. I will advise all the students new in the field and who want to make a career in infosec to take advantage of this opportunity.

Similar posts

Computer Security Tips: Stay Safe Onl...
—
In recent times cyber security has raised the level of awareness and public consciousness as never before. Both large corporations and big organizations try to take care of online security as much as they can. That’s why cyber criminals and hackers have focused more on smaller companies and single entrepreneurs. This awful tendency leads to [...]

Code Injection and API Hooking Techni...
—
Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]

Announcement – SecurityXploded ...
—
From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]

Advanced Malware Analysis Training Se...
—
Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat RAT Functionalities This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012. In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]

Advanced Malware Analysis Training Se...
—
Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 1) Reversing & Decrypting Communications of HeartBeat RAT This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012. In this extended session, I explained “Decrypting The [...]